Formulating information systems risk management strategies through cultural theory

Tsohou, Aggeliki; Karyda, Maria; Kokolakis, Spyros; Kiountouzis, Evangelos

doi:10.1108/09685220610670378

Cited by 29 publications

(22 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…(Dourish, dl Flor & Joseph 2003) (Carstens et al 2004) (Adams, Sasse & Lunt 1997) (Werlinger et al, 2009) (Veiga & Eloff 2009) (Kraemer and Carayon, 2005) (Kraemer et al, 2009) (Knapp, Marshall & Rainer 2006) (Pattinson and Anderson, 2007) (Tsohou et al, 2006). The research most closely related to the topic is described below.…”

Section: Human and Organizational Factors Causing Vulnerabilitiesmentioning

confidence: 99%

Security mistakes in information system deployment projects

Sommestad

Ekstedt

Holm

et al. 2011

Information Management &Amp; Computer Security

View full text Add to dashboard Cite

Purpose -This paper aims to assess the influence of a set of human and organizational factors in information system deployments on the probability that a number of security-related mistakes are in the deployment. Design/methodology/approach -A Bayesian network (BN) is created and analyzed over the relationship between mistakes and causes. The BN is created by eliciting qualitative and quantitative data from experts of industrial control system deployments in the critical infrastructure domain. Findings -The data collected in this study show that domain experts have a shared perception of how strong the influence of human and organizational factors are. According to domain experts, this influence is strong. This study also finds that security flaws are common in industrial control systems operating critical infrastructure.Research limitations/implications -The model presented in this study is created with the help of a number of domain experts. While they agree on qualitative structure and quantitative parameters, future work should assure that their opinion is generally accurate. Practical implications -The influence of a set of important variables related to organizational/human aspects on information security flaws is presented. Social implications -The context of this study is deployments of systems that operate nations' critical infrastructure. The findings suggest that initiatives to secure such infrastructures should not be purely technical. Originality/value -Previous studies have focused on either the causes of security flaws or the actual flaws that can exist in installed information systems. However, little research has been spent on the relationship between them. The model presented in this paper quantifies such relationships.

show abstract

Section: Human and Organizational Factors Causing Vulnerabilitiesmentioning

confidence: 99%

Security mistakes in information system deployment projects

Sommestad

Ekstedt

Holm

et al. 2011

Information Management &Amp; Computer Security

View full text Add to dashboard Cite

show abstract

“…The theory is based on four major world views: fatalism, hierarchy, egalitarianism, and individualism. Tsohou, Karyda, Kokolakis, and Kiountouzis (2006) applied cultural theory to information system risk management. They suggested strategies for IS risk management, depending on an individual's cultural bias.…”

Section: Organizational Information Systems Security Researchmentioning

confidence: 99%

An Exploration of Human Resource Management Information Systems Security

Zafar¹,

Clark²,

Ko³

2011

Journal of Emerging Knowledge on Emerging Markets

View full text Add to dashboard Cite

“…They are AS/NZS 4360:1999;AIRMIC, ALARM, IRM: 2002;BS 31100: 2008;BS 31100:2011 andISO 31000:2009 for generic risk; The ISO 27005:2011 was also reviewed which is specific to information security risk management. A number of risk management approaches from scholars, including Humphreys (2008), Misra et al (2007), Tsohou et al (2006), Kwok and Longley (1999), Spinellis et al (1999), Halliday et al (1996), and Baskerville (1991), were also studied and discussed. AS/NZS 4360 is a widely recognized risk management standard.…”

Section: Information Security Risk Man-agement: a Literature Reviewmentioning

confidence: 99%

“…The four stages are described in terms of information security as follows (Misra et al, 2007) (Tsohou et al, 2006). The stage of initiation aims mainly to define the context of the risk management process; to set the scope of the analysis and to establish a risk management team.…”

Section: Information Security Risk Man-agement: a Literature Reviewmentioning

confidence: 99%

Development of a Failure Mode and Effects Analysis Based Risk Assessment Tool for Information Security

Lai¹,

Chin²

2014

Industrial Engineering and Management Systems

View full text Add to dashboard Cite

Risk management is recognized as a significant element in Information Security Management while the failure mode and effects analysis (FMEA) is widely used in risk analysis in manufacturing industry. This paper aims to present the development work of the Information Security FMEA Circle (InfoSec FMEA Circle) which is used to support the risk management framework by modifying traditional FMEA methodologies. In order to demonstrate the "appropriateness" of the InfoSec FMEA Circle for the purposes of assessing information security, a case study at Hong Kong Science and Technology Parks Corporation (HKSTP) is employed. The "InfoSec FMEA Circle" is found to be an effective risk assessment methodology that has a significant contribution to providing a stepwise risk management implementation model for information security management.

show abstract

Formulating information systems risk management strategies through cultural theory

Cited by 29 publications

References 36 publications

Security mistakes in information system deployment projects

Security mistakes in information system deployment projects

An Exploration of Human Resource Management Information Systems Security

Development of a Failure Mode and Effects Analysis Based Risk Assessment Tool for Information Security

Contact Info

Product

Resources

About